Karen Gray: How consistency can make or break a compliance program

A recent OFAC enforcement action illustrated the importance of consistency.

AIG settled 555 “apparent violations” of trade sanctions against Iran, Sudan, and Cuba or blocked persons. The violations occurred over a six-year period despite AIG’s OFAC compliance program in place.

In announcing the settlement, the U.S. Treasury Department said AIG’s voluntarily disclosure of the violations and its compliance program were mitigating circumstances. But it also noted that the violations might have been avoided had AIG consistently included exclusionary clauses for sanctioned countries and blocked persons in the insurance policies it issued.

Unfortunately, not all policies included those exclusionary clauses or, OFAC said, the clauses were “too narrow in their scope and application to be effective.”

Ultimately, AIG’s compliance program, self-disclosure of violations and subsequent cooperation resulted in a reduced civil penalty of $149,000 — a better outcome than AIG might have faced under less positive circumstances.

On the other hand, enforcement agencies have shown a willingness to forgo enforcement actions entirely when a company diligently follows a robust compliance program and still finds itself in a compromising position.

For example, Harris Corporation avoided prosecution in spite of apparent violations of the FCPA by a newly-acquired subsidiary, CareFx Corporation.

The company received word from the DOJ during the second quarter of fiscal 2017 prosecutors had determined not to take any action against Harris for the CareFx matter.

Before that, the SEC said in September 2016: “Although only able to perform limited pre-acquisition due diligence on the subsidiary, Harris took immediate and significant steps after the acquisition to train staff in China and integrate the subsidiary into Harris’s system of internal accounting controls.”

The SEC also said, “As a result of Harris’s post-acquisition measures, including the implementation of an anonymous complaint hotline, Harris discovered the misconduct at the subsidiary within five months of the acquisition.”

The Harris declination was a landmark case for the DOJ Pilot Program, in part because the CEO of the Chinese subsidiary CareFx China was charged by the SEC for causing books and records violations of the FCPA, while the company itself was able to avoid an enforcement action because of the strength and consistent implementation of its compliance program.

Declinations are a good reminder that compliance programs, consistenty applied, matter.

_____

Karen Gray is a Senior Entity Due Diligence and Monitoring specialist for LexisNexis. She serves as an expert and central point person for all due diligence and third-party monitoring solutions. She is a resource for Benchmarking, Market Intelligence, Strategic Category Management, and Vendor Selection, and focuses on efforts to improve profitability and cash flow, risk mitigation and operational efficiencies with regard to vendor selection and monitoring.

Legal

Quick Links

About

We set out in 2007 to bring our readers free and unrestricted coverage of all Foreign Corrupt Practices Act enforcement actions — the first to do that in real-time.

Since then we’ve published more than 7,500 posts by 600 different authors.

Our mission is to help compliance professionals and others everywhere understand how corruption happens, what it does to people and institutions, and how anti-corruption laws and compliance programs work.